Posts posted by hotdogdoxie
OK, here are the FRST and Search reports for you.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 10-01-2013 15:07:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\Amanda\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Startup: C:\Users\Amanda\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Services (Whitelisted) ===================
2 ehffigzyvkiukf; C:\windows\SysWOW64\XTSYNX~1.EXE [98304 2010-12-15] ( Copyrighted © )
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)
2 NCO; "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll" /prefetch:1 [535416 2012-12-05] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SpyroService; "C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe" [50688 2012-09-20] (FS)
==================== Drivers (Whitelisted) =====================
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-29] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [168096 2012-08-20] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-16] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130109.001\IDSvia64.sys [513184 2012-12-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\ENG64.SYS [126112 2012-12-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130109.040\EX64.SYS [2084000 2012-12-16] (Symantec Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1863720 2012-06-01] ()
1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1402000.013\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-12-17] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS
2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B}
2013-01-09 19:14 - 2013-01-09 19:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23}
2013-01-09 14:15 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 14:15 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 14:13 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 14:13 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 14:13 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 14:13 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 14:13 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 14:13 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 14:13 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 14:13 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 14:13 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 14:13 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 14:13 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 14:13 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 14:13 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 14:12 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 14:12 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 14:12 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 14:12 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 14:12 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 14:12 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 14:12 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 14:12 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 14:12 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 14:11 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 14:11 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4}
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA}
2013-01-07 07:36 - 2013-01-07 07:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438}
2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 05:43 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-07 05:42 - 2013-01-07 05:43 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17}
2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313}
2013-01-04 20:35 - 2013-01-06 09:34 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt
2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe
2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011
2013-01-04 18:40 - 2013-01-04 18:42 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip
2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt
2013-01-04 17:14 - 2013-01-04 18:34 - 00000000 ____D C:\ComboFix
2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6}
2013-01-03 15:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-03 15:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-03 15:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-03 15:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-03 15:23 - 2013-01-04 18:34 - 00000000 ____D C:\Qoobox
2013-01-03 15:23 - 2013-01-03 15:40 - 00000000 ____D C:\Windows\erdnt
2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt
2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt
2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt
2013-01-03 11:18 - 2013-01-03 11:21 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine
2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt
2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe
2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt
2013-01-03 07:30 - 2013-01-03 07:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 07:30 - 2013-01-02 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 06:56 - 2013-01-01 06:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 06:55 - 2012-12-31 18:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-30 17:12 - 2012-12-30 17:13 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 05:00 - 2012-12-30 05:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 09:59 - 2012-12-28 22:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-26 07:54 - 2012-12-26 19:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files\iTunes
2012-12-25 21:19 - 2012-12-25 21:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod
2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 07:29 - 2012-12-25 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-23 22:00 - 2012-12-23 22:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 06:21 - 2012-12-22 18:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-21 21:41 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 21:41 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 21:41 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 05:36 - 2012-12-21 17:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 05:35 - 2012-12-20 17:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 05:41 - 2012-12-27 06:04 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-18 18:41 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20121218-214141.backup
2012-12-18 18:01 - 2012-12-18 18:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk
2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-17 20:08 - 2013-01-04 10:27 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-12-17 19:46 - 2012-12-17 20:08 - 00001294 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 16:42 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-16 16:42 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-16 16:42 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-16 16:42 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-16 16:42 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-16 16:42 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-16 16:42 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-16 16:42 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-16 16:42 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-16 16:42 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-16 16:42 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-16 16:42 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-16 16:42 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-16 16:42 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-16 16:42 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-16 16:42 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-16 16:42 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-16 16:42 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-16 16:42 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-16 16:42 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-16 16:42 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-16 16:42 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-16 16:42 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-16 15:40 - 2012-12-17 19:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE
2012-12-16 13:59 - 2012-12-16 14:00 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com
2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-12-16 10:35 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-16 10:35 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-16 10:35 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-16 10:35 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-16 10:32 - 2012-12-16 10:34 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A C:\Windows\Minidump\121612-46815-01.dmp
2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-14 16:48 - 2012-12-14 16:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 12:24 - 2012-12-16 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 04:42 - 2012-12-13 16:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp
2012-12-11 08:54 - 2012-12-11 20:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}
==================== One Month Modified Files and Folders =======
2013-01-10 11:59 - 2012-04-26 22:59 - 01090154 ____A C:\Windows\WindowsUpdate.log
2013-01-10 11:59 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-10 11:58 - 2013-01-10 11:58 - 00000000 ____D C:\FRST
2013-01-10 11:57 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-10 11:57 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-10 11:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-10 11:50 - 2012-08-29 05:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-10 11:50 - 2012-07-12 15:48 - 00000000 ____D C:\Users\All Users\Kodak
2013-01-10 11:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-10 11:50 - 2009-07-13 20:51 - 00066663 ____A C:\Windows\setupact.log
2013-01-10 11:43 - 2012-08-29 05:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-10 11:06 - 2012-07-18 07:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2013-01-10 10:15 - 2013-01-10 10:15 - 00000000 ____D C:\Program Files (x86)\FS
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\Downloaded Installations
2013-01-10 10:14 - 2013-01-10 10:14 - 00000000 ____D C:\Program Files\FS
2013-01-10 07:15 - 2013-01-10 07:15 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A3514E8E-1DCA-4992-AAA4-35A85E064B1B}
2013-01-10 06:00 - 2009-07-13 20:45 - 00310952 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 21:30 - 2012-07-10 15:02 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-09 21:19 - 2012-08-07 18:39 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 19:15 - 2013-01-09 19:14 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B2B32F44-514E-4D97-9358-C93D4372AC23}
2013-01-09 14:23 - 2012-08-15 05:06 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-01-09 14:07 - 2012-07-11 05:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-08 19:59 - 2013-01-08 19:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9F8517C-9933-460C-A1E0-758AE31F70C4}
2013-01-08 17:07 - 2012-07-18 07:34 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 17:07 - 2011-10-25 20:12 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 19:37 - 2013-01-07 19:37 - 00000000 ____D C:\Users\Amanda\AppData\Local\{E609700E-C39F-4084-8925-B5BAFA4F4DAA}
2013-01-07 07:37 - 2013-01-07 07:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D9A3BA8D-F1E8-49E5-B19E-183D5C5CF438}
2013-01-07 05:43 - 2013-01-07 05:43 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-07 05:43 - 2013-01-07 05:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-07 05:43 - 2013-01-07 05:42 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.70.0.1100.exe
2013-01-07 05:37 - 2010-11-20 19:47 - 00634046 ____A C:\Windows\PFRO.log
2013-01-06 11:25 - 2013-01-06 11:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\{6DE5B740-C8C6-4EE1-83A7-48B272E01B17}
2013-01-06 09:34 - 2013-01-04 20:35 - 00000432 ____A C:\Users\Amanda\Desktop\SystemLook.txt
2013-01-05 19:45 - 2012-09-04 13:33 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForAMANDA-HP$.job
2013-01-05 11:53 - 2013-01-05 11:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{46E1EEAA-AEDD-47D4-9587-77B5F5227313}
2013-01-04 20:22 - 2013-01-04 20:22 - 00165376 ____A C:\Users\Amanda\Desktop\SystemLook_x64.exe
2013-01-04 18:43 - 2013-01-04 18:43 - 00000000 ____D C:\Users\Amanda\Desktop\mbar-1.01.0.1011
2013-01-04 18:42 - 2013-01-04 18:40 - 13485902 ____A C:\Users\Amanda\Desktop\mbar-1.01.0.1011.zip
2013-01-04 18:34 - 2013-01-04 17:14 - 00000000 ____D C:\ComboFix
2013-01-04 18:34 - 2013-01-03 15:23 - 00000000 ____D C:\Qoobox
2013-01-04 18:33 - 2013-01-04 18:33 - 00021237 ____A C:\ComboFix.txt
2013-01-04 18:31 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-01-04 10:36 - 2013-01-04 10:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{03F6BD2B-7269-46A6-8CA2-36486420A2C6}
2013-01-04 10:27 - 2012-12-17 20:08 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2013-01-03 15:40 - 2013-01-03 15:23 - 00000000 ____D C:\Windows\erdnt
2013-01-03 15:17 - 2013-01-03 15:17 - 05018515 ____R (Swearware) C:\Users\Amanda\Desktop\ComboFix.exe
2013-01-03 15:11 - 2013-01-03 15:11 - 00001509 ____A C:\Users\Amanda\Documents\malewarebytes2.txt
2013-01-03 11:21 - 2013-01-03 11:21 - 00002669 ____A C:\Users\Amanda\Desktop\RKreport[2]_D_01032013_02d1421.txt
2013-01-03 11:21 - 2013-01-03 11:18 - 00000000 ____D C:\Users\Amanda\Desktop\RK_Quarantine
2013-01-03 11:20 - 2013-01-03 11:20 - 00002614 ____A C:\Users\Amanda\Desktop\RKreport[1]_S_01032013_02d1420.txt
2013-01-03 10:29 - 2013-01-03 10:29 - 00007609 ____A C:\AdwCleaner[s1].txt
2013-01-03 10:27 - 2013-01-03 10:27 - 00551997 ____A C:\Users\Amanda\Downloads\adwcleaner.exe
2013-01-03 10:22 - 2013-01-03 10:22 - 00856731 ____A C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-01-03 10:17 - 2013-01-03 10:17 - 00004382 ____A C:\Users\Amanda\Documents\malewarebytes.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00028508 ____A C:\Users\Amanda\Desktop\dds.txt
2013-01-03 09:35 - 2013-01-03 09:35 - 00011205 ____A C:\Users\Amanda\Desktop\attach.txt
2013-01-03 07:31 - 2013-01-03 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 19:30 - 2013-01-02 07:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-01 18:57 - 2013-01-01 18:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 06:57 - 2013-01-01 06:56 - 00000000 ____D C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 18:56 - 2012-12-31 06:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-30 17:13 - 2012-12-30 17:12 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 05:01 - 2012-12-30 05:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 10:01 - 2012-12-29 10:01 - 00000000 ____D C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 22:00 - 2012-12-28 09:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-27 21:59 - 2012-12-27 21:59 - 00000000 ____D C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 08:44 - 2012-12-27 08:44 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-27 06:04 - 2012-12-19 05:41 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForAmanda.job
2012-12-26 19:55 - 2012-12-26 07:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-26 08:06 - 2012-07-10 08:42 - 00000000 ____D C:\users\Amanda
2012-12-25 21:32 - 2012-07-11 14:31 - 00000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2012-12-25 21:21 - 2012-12-25 21:21 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iTunes
2012-12-25 21:20 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-25 21:19 - 2012-12-25 21:19 - 00000000 ____D C:\Program Files\iPod
2012-12-25 19:30 - 2012-12-25 19:30 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 14:49 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-25 07:30 - 2012-12-25 07:29 - 00000000 ____D C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 14:28 - 2012-12-24 14:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-23 22:01 - 2012-12-23 22:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 10:00 - 2012-12-23 10:00 - 00000000 ____D C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 22:40 - 2012-11-04 09:28 - 00000000 ____D C:\Users\Amanda\Documents\Recipes
2012-12-22 18:22 - 2012-12-22 06:21 - 00000000 ____D C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-21 17:36 - 2012-12-21 05:36 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 17:35 - 2012-12-20 05:35 - 00000000 ____D C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-19 10:49 - 2012-12-19 10:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 05:40 - 2012-07-18 07:44 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-12-19 05:39 - 2012-12-19 05:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-12-18 20:50 - 2012-12-18 20:50 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-18 18:43 - 2012-12-18 18:43 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-12-18 18:40 - 2012-12-18 18:01 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-12-18 18:08 - 2012-12-18 18:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 18:01 - 2012-12-18 18:01 - 00001262 ____A C:\Users\Amanda\Desktop\Spybot - Search & Destroy.lnk
2012-12-18 05:53 - 2012-12-18 05:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-17 20:11 - 2012-04-26 23:10 - 00000000 ____D C:\Users\All Users\Norton
2012-12-17 20:10 - 2012-07-16 12:19 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-12-17 20:08 - 2012-12-17 20:08 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2012-12-17 20:08 - 2012-12-17 19:46 - 00001294 ____A C:\Users\Amanda\Desktop\Norton Installation Files.lnk
2012-12-17 20:08 - 2012-07-16 12:20 - 00002316 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-12-17 20:06 - 2012-07-16 12:20 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-12-17 20:06 - 2012-07-16 12:20 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-12-17 20:06 - 2012-07-16 12:20 - 00000000 ____D C:\Program Files\Symantec
2012-12-17 19:46 - 2012-07-16 12:06 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-12-17 19:42 - 2012-12-16 15:40 - 00000000 ____D C:\Users\Amanda\AppData\Local\NPE
2012-12-17 17:52 - 2012-12-17 17:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 06:35 - 2012-12-17 06:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2012-12-17 05:52 - 2012-12-17 05:52 - 00000000 ____D C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 14:00 - 2012-12-16 13:59 - 01754528 ____A (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.com
2012-12-16 13:14 - 2012-12-14 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-16 13:14 - 2011-10-25 20:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-16 13:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-16 13:12 - 2012-08-29 05:31 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-16 12:48 - 2012-12-16 12:48 - 00000861 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-12-16 12:47 - 2012-04-26 23:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-12-16 10:34 - 2012-12-16 10:32 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Amanda\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-16 10:22 - 2012-12-16 10:22 - 00000000 ____D C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 10:21 - 2012-12-16 10:21 - 00272464 ____A C:\Windows\Minidump\121612-46815-01.dmp
2012-12-16 10:21 - 2012-09-12 04:46 - 00000000 ____D C:\Windows\Minidump
2012-12-16 10:20 - 2012-09-12 04:46 - 401557580 ____A C:\Windows\MEMORY.DMP
2012-12-16 09:11 - 2012-12-21 21:41 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 21:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:43 - 2012-12-16 06:43 - 00000000 ____D C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-16 06:13 - 2012-12-21 21:41 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 21:41 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 16:57 - 2012-12-15 16:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 04:57 - 2012-12-15 04:57 - 00000000 ____D C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-14 16:49 - 2012-12-14 16:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 13:49 - 2013-01-07 05:43 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Mozilla
2012-12-14 12:25 - 2012-12-14 12:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 12:24 - 2012-12-14 12:24 - 00000000 ____D C:\Users\All Users\Mozilla
2012-12-14 04:48 - 2012-12-14 04:48 - 00000000 ____D C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 16:42 - 2012-12-13 04:42 - 00000000 ____D C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 15:24 - 2009-07-13 21:38 - 00067584 ___AS C:\Windows\bootstat(33).dat
2012-12-12 11:44 - 2012-07-10 11:05 - 00000000 ____D C:\Users\Amanda\Documents\Bill Payments
2012-12-12 11:42 - 2012-08-29 05:33 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-12 08:54 - 2012-12-12 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-12 05:40 - 2012-12-12 05:40 - 00272496 ____A C:\Windows\Minidump\121212-45006-01.dmp
2012-12-11 20:54 - 2012-12-11 08:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 3562.91 MB
Available physical RAM: 2856.57 MB
Total Pagefile: 3561.05 MB
Available Pagefile: 2848.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:440.78 GB) (Free:326.7 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:20.82 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: () (Removable) (Total:14.9 GB) (Free:14.2 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB     0 B
Disk 1    Online           14 GB     0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            199 MB  1024 KB
Partition 2    Primary            440 GB   200 MB
Partition 3    Primary             20 GB   440 GB
Partition 4    Primary           4063 MB   461 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    199 MB  Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    440 GB  Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   Recovery     NTFS   Partition     20 GB  Healthy
=========================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   F   HP_TOOLS     FAT32  Partition   4063 MB  Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             14 GB    16 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5   H                FAT32  Removable    14 GB  Healthy
=========================================================
Last Boot: 2013-01-04 11:10
==================== End Of Log =============================
And the Search Report:
Farbar Recovery Scan Tool (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-10 15:09:41
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\erdnt\cache64\services.exe
[2013-01-03 15:40] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
-
Did you get a chance to look at the report yet?
-
I just ran it again. I was out all day. Sorry for the delay.
Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.01.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]
1/8/2013 7:07:34 PM
mbam-log-2013-01-08 (19-07-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211719
Time elapsed: 5 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
(end)
-
The virus is still there. Is there anything else I can do? Is this something that is dangerous to my system?
-
Still there. Should I try to remove them or is there something else I should try first?
-
OK I have done all you instructed as above. I am assuming you want me to run the scan now, but I want to be sure that is the next step you'd like me to do first. Thanks!
-
Sorry, I was out yesterday. Here is the report.
SystemLook 30.07.11 by jpshortstuff
Log created at 12:31 on 06/01/2013 by Amanda
Administrator - Elevation successful
========== filefind ==========
Searching for "msaunperp.dll"
No files found.
-= EOF =-
FYI, upon running Malwarebytes again after running this report, it found the trojan again.
-
I'm so confused. Going to bed now and will pick up with this tomorrow please:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:35 on 04/01/2013 by Amanda
Administrator - Elevation successful
========== filefind ==========
Searching for "msaunperp.dll "
No files found.
-= EOF =-
-
OK, I've run the anti-rootkit 3 times now and it keeps coming back. I didn't see a report to post on this one. The file is under syswow64\msaunperp.dll, but when I run Malwarebytes it's under system32\msaunperp.dll under file and memory module. Everything else seems to be functioning properly (internet, firewall, Windows Update).
-
The ComboFix scan is completed and the report is listed below. It took an hour and 20 minutes to complete and was hung up on stage 5 for half an hour. The trojan is still there. I will now run the second part of the post while you review the log. (By the way, I really appreciate your help)
ComboFix 13-01-03.05 - Amanda 01/04/2013 20:16:14.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2106 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 02:31 . 2013-01-05 02:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-05 02:31 . 2013-01-05 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 20:14 . 2013-01-03 20:14 -------- d-----w- c:\users\Amanda\AppData\Local\Programs
2012-12-26 05:19 . 2012-12-26 05:19 -------- d-----w- c:\program files\iPod
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files\iTunes
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files (x86)\iTunes
2012-12-22 05:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 05:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 05:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 05:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 13:39 . 2012-12-19 13:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-12-19 02:43 . 2012-12-19 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-19 02:01 . 2012-12-19 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-19 02:01 . 2012-12-19 02:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-18 04:08 . 2013-01-04 18:27 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2012-12-18 04:05 . 2012-12-18 04:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013
2012-12-16 23:40 . 2012-12-18 03:42 -------- d-----w- c:\users\Amanda\AppData\Local\NPE
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\programdata\Malwarebytes
2012-12-16 18:50 . 2013-01-03 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-16 18:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 18:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-16 18:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-16 18:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-16 18:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\Amanda\AppData\Local\Mozilla
2012-12-08 03:59 . 2012-12-08 03:59 -------- d-----w- c:\users\Amanda\AppData\Roaming\Catalina Marketing Corp
2012-12-08 03:59 . 2012-12-08 04:06 489712 ----a-w- c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 04:06 . 2012-07-16 20:20 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-12-17 00:43 . 2012-08-08 02:39 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:07 . 2012-07-18 15:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:07 . 2011-10-26 04:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-16 08:38 . 2012-11-28 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 00:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 00:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 00:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 00:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f3954c17-b785-b6e4-e583-60efe47cb84a}"= "c:\program files (x86)\MyPoints Toolbar\Helper.dll" [2012-09-19 361472]
.
[HKEY_CLASSES_ROOT\clsid\{f3954c17-b785-b6e4-e583-60efe47cb84a}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{44B4024E-E741-7714-B513-8750120100CF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{948548C2-1801-7A14-F509-7FE523202B1D}]
2012-09-19 13:38 1624576 ----a-w- c:\program files (x86)\MyPoints Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-12-18 02:16 509416 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coieplg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4}"= "c:\program files (x86)\MyPoints Toolbar\Toolbar.dll" [2012-09-19 1624576]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coIEPlg.dll" [2012-12-18 509416]
.
[HKEY_CLASSES_ROOT\clsid\{5495b7a2-8f65-dee4-a9ff-9bb6409140d4}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{2F580E29-6056-3844-D9B5-6D363608DD88}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Conime"="c:\windows\system32\conime.exe" [bU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSvia64.sys [2012-12-15 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [2012-12-05 143928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-04 21:33:59
ComboFix-quarantined-files.txt 2013-01-05 02:33
ComboFix2.txt 2013-01-04 22:01
ComboFix3.txt 2013-01-03 23:44
.
Pre-Run: 356,141,101,056 bytes free
Post-Run: 356,066,357,248 bytes free
.
- - End Of File - - 2F321FAFB0A3E56752C7CEB22ADEC3C8
-
The computer is running fine, but Malwarebytes is still picking up the trojan....
-
Here is the report from Combofix. It took an extremely long time to run. I have not rebooted yet but will in a moment and let you know how the computer is running.
ComboFix 13-01-03.05 - Amanda 01/04/2013 16:02:11.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2019 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
Command switches used :: c:\users\Amanda\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-04 21:20 . 2013-01-04 21:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-01-04 21:20 . 2013-01-04 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 20:14 . 2013-01-03 20:14 -------- d-----w- c:\users\Amanda\AppData\Local\Programs
2012-12-26 05:19 . 2012-12-26 05:19 -------- d-----w- c:\program files\iPod
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files\iTunes
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files (x86)\iTunes
2012-12-22 05:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 05:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 05:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 05:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 13:39 . 2012-12-19 13:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-12-19 02:43 . 2012-12-19 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-19 02:01 . 2012-12-19 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-19 02:01 . 2012-12-19 02:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-18 04:08 . 2013-01-04 18:27 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2012-12-18 04:05 . 2012-12-18 04:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013
2012-12-16 23:40 . 2012-12-18 03:42 -------- d-----w- c:\users\Amanda\AppData\Local\NPE
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\programdata\Malwarebytes
2012-12-16 18:50 . 2013-01-03 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-16 18:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 18:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-16 18:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-16 18:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-16 18:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\Amanda\AppData\Local\Mozilla
2012-12-08 03:59 . 2012-12-08 03:59 -------- d-----w- c:\users\Amanda\AppData\Roaming\Catalina Marketing Corp
2012-12-08 03:59 . 2012-12-08 04:06 489712 ----a-w- c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 04:06 . 2012-07-16 20:20 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-12-17 00:43 . 2012-08-08 02:39 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:07 . 2012-07-18 15:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:07 . 2011-10-26 04:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-16 08:38 . 2012-11-28 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 00:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 00:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 00:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 00:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f3954c17-b785-b6e4-e583-60efe47cb84a}"= "c:\program files (x86)\MyPoints Toolbar\Helper.dll" [2012-09-19 361472]
.
[HKEY_CLASSES_ROOT\clsid\{f3954c17-b785-b6e4-e583-60efe47cb84a}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{44B4024E-E741-7714-B513-8750120100CF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{948548C2-1801-7A14-F509-7FE523202B1D}]
2012-09-19 13:38 1624576 ----a-w- c:\program files (x86)\MyPoints Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-12-18 02:16 509416 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coieplg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4}"= "c:\program files (x86)\MyPoints Toolbar\Toolbar.dll" [2012-09-19 1624576]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\coIEPlg.dll" [2012-12-18 509416]
.
[HKEY_CLASSES_ROOT\clsid\{5495b7a2-8f65-dee4-a9ff-9bb6409140d4}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{2F580E29-6056-3844-D9B5-6D363608DD88}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Conime"="c:\windows\system32\conime.exe" [bU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSvia64.sys [2012-12-15 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [2012-12-05 143928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-04 17:01:38
ComboFix-quarantined-files.txt 2013-01-04 22:01
ComboFix2.txt 2013-01-03 23:44
.
Pre-Run: 356,207,222,784 bytes free
Post-Run: 356,125,523,968 bytes free
.
- - End Of File - - 9874A90EC1C9551EEC35902B592EC164
-
Here you are. Upon reboot the file is still infected.
Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.01.03.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Amanda :: AMANDA-HP [administrator]
1/3/2013 6:55:56 PM
mbam-log-2013-01-03 (18-55-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210689
Time elapsed: 3 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\windows\system32\msaunperp.dll (Trojan.Agent) -> Delete on reboot.
(end)
-
Malwarebytes is still picking up the virus. I will post the log when it is done running.
-
Hi Gringo,
OK, here is the log; I had no problems running it. I am running the Malwarebytes program now to see if the infection is gone.
ComboFix 13-01-03.05 - Amanda 01/03/2013 18:27:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1852 [GMT -5:00]
Running from: c:\users\Amanda\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-03 23:38 . 2013-01-03 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 20:14 . 2013-01-03 20:14 -------- d-----w- c:\users\Amanda\AppData\Local\Programs
2012-12-26 05:19 . 2012-12-26 05:19 -------- d-----w- c:\program files\iPod
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files\iTunes
2012-12-26 05:19 . 2012-12-26 05:20 -------- d-----w- c:\program files (x86)\iTunes
2012-12-22 05:41 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 05:41 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 05:41 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 05:41 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 13:39 . 2012-12-19 13:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-12-19 02:43 . 2012-12-19 02:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-19 02:01 . 2012-12-19 02:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-19 02:01 . 2012-12-19 02:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-12-18 04:08 . 2012-12-18 04:08 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2012-12-18 04:05 . 2012-12-18 04:07 -------- d-----w- c:\windows\system32\drivers\NAVx64\1402000.013
2012-12-16 23:40 . 2012-12-18 03:42 -------- d-----w- c:\users\Amanda\AppData\Local\NPE
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2012-12-16 18:50 . 2012-12-16 18:50 -------- d-----w- c:\programdata\Malwarebytes
2012-12-16 18:50 . 2013-01-03 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:50 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-16 18:35 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 18:35 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-16 18:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-16 18:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-16 18:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\Amanda\AppData\Local\Mozilla
2012-12-08 03:59 . 2012-12-08 03:59 -------- d-----w- c:\users\Amanda\AppData\Roaming\Catalina Marketing Corp
2012-12-08 03:59 . 2012-12-08 04:06 489712 ----a-w- c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 04:06 . 2012-07-16 20:20 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-12-17 00:43 . 2012-08-08 02:39 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 01:07 . 2012-07-18 15:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:07 . 2011-10-26 04:12 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-19 23:18 . 2012-10-14 04:46 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2012-10-19 23:18 . 2012-10-14 04:45 440704 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-16 08:38 . 2012-11-28 13:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 00:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 00:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 00:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 00:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f3954c17-b785-b6e4-e583-60efe47cb84a}"= "c:\program files (x86)\MyPoints Toolbar\Helper.dll" [2012-09-19 361472]
.
[HKEY_CLASSES_ROOT\clsid\{f3954c17-b785-b6e4-e583-60efe47cb84a}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{44B4024E-E741-7714-B513-8750120100CF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{948548C2-1801-7A14-F509-7FE523202B1D}]
2012-09-19 13:38 1624576 ----a-w- c:\program files (x86)\MyPoints Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4}"= "c:\program files (x86)\MyPoints Toolbar\Toolbar.dll" [2012-09-19 1624576]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584]
.
[HKEY_CLASSES_ROOT\clsid\{5495b7a2-8f65-dee4-a9ff-9bb6409140d4}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{2F580E29-6056-3844-D9B5-6D363608DD88}]
[HKEY_CLASSES_ROOT\FCTB000100757.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402000.013\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130102.001\IDSvia64.sys [2012-12-15 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402000.013\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402000.013\SYMNETS.SYS [2012-09-07 432800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 2424424]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:07]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 13:31]
.
2012-12-07 c:\windows\Tasks\HPCeeScheduleForAMANDA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-12-27 c:\windows\Tasks\HPCeeScheduleForAmanda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MyPoints Toolbar - c:\program files (x86)\MyPoints Toolbar\Uninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-03 18:44:18
ComboFix-quarantined-files.txt 2013-01-03 23:44
.
Pre-Run: 356,616,937,472 bytes free
Post-Run: 356,819,529,728 bytes free
.
- - End Of File - - 2FF381D30D478CE644EEB2B07D3D4872
-
I turned off Norton. Here is the report.
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amanda [Admin rights]
Mode : Remove -- Date : 01/03/2013 14:21:12
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Amanda\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe" -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] dcff82cb65881dd3f79d0cf723053517
[BSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 451354 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 924782592 | Size: 21322 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 15253e84d3099f1e7c11d78750ef9d71
[BSP] 4d418d3c667ba0ecd9b5e11daf380f57 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 25000 Mo
Finished : << RKreport[2]_D_01032013_02d1421.txt >>
RKreport[1]_S_01032013_02d1420.txt ; RKreport[2]_D_01032013_02d1421.txt
-
Norton will not allow RogueKiller to be downloaded on my computer....
-
Here is the AdwCleaner report:
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 13:29:04
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amanda - AMANDA-HP
# Boot Mode : Normal
# Running from : C:\Users\Amanda\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Amanda\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Amanda\AppData\Local\Ilivid
Folder Deleted : C:\Users\Amanda\AppData\LocalLow\Inbox Toolbar
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.FCTB000100757Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.FCTB000100757Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100757.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCTB000100757
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v [unable to get version]
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [7500 octets] - [03/01/2013 13:29:04]
########## EOF - C:\AdwCleaner[s1].txt - [7560 octets] ##########
-
OK, here is the first report, Security Check:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 20.2.0.19 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Please help - I was having issues with Facebook loading, and it was suggested that I download your program, which I did. It found a Trojan file and a memory module, both under system32, named msaunperp.dll. I cannot get rid of this thing. I've had it for a month and I'm afraid to use my computer to do banking that I NEED to get done. Please help me. Norton does not recognize the problem...
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Amanda at 12:34:12 on 2013-01-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1924 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\SysWOW64\XTSYNX~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\program files (x86)\lkqfpgavsontis\xtsynxoi.exe
c:\program files (x86)\lkqfpgavsontis\xtsynxoi.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
c:\windows\system32\xtsynxoi.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: FCToolbarURLSearchHook Class: {f3954c17-b785-b6e4-e583-60efe47cb84a} - C:\Program Files (x86)\MyPoints Toolbar\Helper.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MyPoints Toolbar BHO: {948548C2-1801-7A14-F509-7FE523202B1D} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: MyPoints Toolbar: {5495B7A2-8F65-DEE4-A9FF-9BB6409140D4} - C:\Program Files (x86)\MyPoints Toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Amanda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5} : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5}\131364850313236313233313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{25C608CA-97E2-41A3-A9BD-4324223AE2C5}\E416E63697023416C6467756C6C6 : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-6-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-6-17 40064]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys [2012-12-17 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys [2012-12-17 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys [2012-12-17 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-12-17 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130102.001\IDSviA64.sys [2013-1-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys [2012-12-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-12-17 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-16 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-15 361984]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 ehffigzyvkiukf;ehffigzyvkiukf;C:\Windows\SysWOW64\XTSYNX~1.EXE [2010-12-15 98304]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-27 2424424]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe [2012-12-17 143928]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-12-17 143928]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-18 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-27 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-30 114704]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-4-27 1860672]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-27 339048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-27 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-4-27 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-03 15:30:52 -------- d-----w- C:\Users\Amanda\AppData\Local\{0B3C4691-7479-43CC-BC91-D14B3BB07D51}
2013-01-02 15:30:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{562C84FC-9C6A-43F8-A97B-890321B5AFD4}
2013-01-02 02:57:17 -------- d-----w- C:\Users\Amanda\AppData\Local\{FE4F8D2B-9D0B-45B9-964C-2DEE5D8ABFEF}
2013-01-01 14:56:51 -------- d-----w- C:\Users\Amanda\AppData\Local\{17B04F02-5D7F-4898-B325-31601408E41F}
2012-12-31 14:55:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{CA17C3DA-AD6C-49BA-A11C-097B33F46C74}
2012-12-31 01:12:44 -------- d-----w- C:\Users\Amanda\AppData\Local\{0676AFF4-2FCE-4D70-B7CF-17267F090A68}
2012-12-30 13:00:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{028DC895-9265-4812-8009-73E1BCF11DA2}
2012-12-29 18:01:31 -------- d-----w- C:\Users\Amanda\AppData\Local\{F9329E83-1C63-4F35-8D9C-6FC0C01A0985}
2012-12-28 17:59:50 -------- d-----w- C:\Users\Amanda\AppData\Local\{A5FDCD53-7FD7-43EF-988E-04148CBA0E21}
2012-12-28 05:59:09 -------- d-----w- C:\Users\Amanda\AppData\Local\{D866A0BC-817B-4A94-9DD7-11209606F6C4}
2012-12-27 16:44:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{BDCCDB9E-FD81-4945-A5D8-419C31609930}
2012-12-26 15:54:47 -------- d-----w- C:\Users\Amanda\AppData\Local\{38DA240D-4F40-4287-8157-45762154365D}
2012-12-26 05:19:57 -------- d-----w- C:\Program Files\iPod
2012-12-26 05:19:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-26 05:19:56 -------- d-----w- C:\Program Files\iTunes
2012-12-26 05:19:56 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-26 03:30:16 -------- d-----w- C:\Users\Amanda\AppData\Local\{4E80C674-C6A5-4C48-BF62-006826A952C5}
2012-12-25 15:29:23 -------- d-----w- C:\Users\Amanda\AppData\Local\{168F42E3-E27C-417F-9F7F-C9FEA5587BF6}
2012-12-24 22:28:12 -------- d-----w- C:\Users\Amanda\AppData\Local\{7E988694-DF50-4046-85EA-01131A22961E}
2012-12-24 06:00:57 -------- d-----w- C:\Users\Amanda\AppData\Local\{97C4357F-859A-4CE8-B9CD-56A3D2F28476}
2012-12-23 18:00:11 -------- d-----w- C:\Users\Amanda\AppData\Local\{B1B36702-05C4-4226-A961-C24573A4E5FD}
2012-12-22 14:21:42 -------- d-----w- C:\Users\Amanda\AppData\Local\{95E19CEA-8A23-40A0-8181-061A84237CA2}
2012-12-22 05:41:23 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 05:41:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 05:41:22 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 05:41:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 13:36:10 -------- d-----w- C:\Users\Amanda\AppData\Local\{7D6FE86F-5C49-410A-B350-0A69CF05DA22}
2012-12-20 13:35:32 -------- d-----w- C:\Users\Amanda\AppData\Local\{86F38EDB-F76D-40F6-9919-75BDDA3D8526}
2012-12-19 18:49:29 -------- d-----w- C:\Users\Amanda\AppData\Local\{0AFD5A01-1F20-4C36-90C8-A87B75593C92}
2012-12-19 13:39:21 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-12-19 04:50:16 -------- d-----w- C:\Users\Amanda\AppData\Local\{8D875933-9820-46D4-8F85-C90704C543E2}
2012-12-19 02:43:37 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-12-19 02:01:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-19 02:01:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 13:53:06 -------- d-----w- C:\Users\Amanda\AppData\Local\{8FA09FCC-5E90-4E61-A38A-20B70C647FEE}
2012-12-18 04:08:16 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys
2012-12-18 04:08:12 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02000.012
2012-12-18 04:08:12 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2012-12-18 04:08:11 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2012-12-18 04:05:43 776864 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtsp64.sys
2012-12-18 04:05:43 493216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymDS64.sys
2012-12-18 04:05:43 432800 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys
2012-12-18 04:05:43 37496 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\srtspx64.sys
2012-12-18 04:05:43 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymELAM.sys
2012-12-18 04:05:43 224416 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\Ironx64.sys
2012-12-18 04:05:43 168096 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\ccSetx64.sys
2012-12-18 04:05:43 1133216 ----a-r- C:\Windows\System32\drivers\NAVx64\1402000.013\SymEFA64.sys
2012-12-18 04:05:32 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1402000.013
2012-12-18 01:52:42 -------- d-----w- C:\Users\Amanda\AppData\Local\{A37FE5F4-8EFB-4521-83EA-C02F83F71444}
2012-12-17 13:52:17 -------- d-----w- C:\Users\Amanda\AppData\Local\{BBAE4CDC-06E9-4030-BE0B-955925A030B6}
2012-12-16 23:40:07 -------- d-----w- C:\Users\Amanda\AppData\Local\NPE
2012-12-16 18:50:22 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Malwarebytes
2012-12-16 18:50:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-16 18:50:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-16 18:50:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:35:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-16 18:35:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-16 18:35:30 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-16 18:35:30 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-16 18:35:26 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-16 18:22:38 -------- d-----w- C:\Users\Amanda\AppData\Local\{EDFCD47E-FE5F-4BCC-A69B-E84E685321E5}
2012-12-16 14:43:05 -------- d-----w- C:\Users\Amanda\AppData\Local\{DBAC9BD4-B5BA-44E5-9CE9-2B3B3AE8F994}
2012-12-16 00:57:46 -------- d-----w- C:\Users\Amanda\AppData\Local\{4E1515CE-C589-49BE-991F-4FA0E0335881}
2012-12-15 12:57:21 -------- d-----w- C:\Users\Amanda\AppData\Local\{7BBE2769-804B-42B6-9BC2-7B02B3088607}
2012-12-15 00:48:54 -------- d-----w- C:\Users\Amanda\AppData\Local\{A9068C5C-729A-4FF6-8F8A-F1F8D38094C6}
2012-12-14 20:25:03 -------- d-----w- C:\Users\Amanda\AppData\Local\Mozilla
2012-12-14 20:24:51 115168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-12-14 12:48:29 -------- d-----w- C:\Users\Amanda\AppData\Local\{8A306D11-597E-44C4-AF63-A8C76A005A8E}
2012-12-13 12:42:30 -------- d-----w- C:\Users\Amanda\AppData\Local\{3EEEBA01-F231-425A-87A8-5D7061AFF811}
2012-12-12 16:54:41 -------- d-----w- C:\Users\Amanda\AppData\Local\{ED58D4E2-F8E5-4C78-9561-458ADB2D68AC}
2012-12-11 16:54:02 -------- d-----w- C:\Users\Amanda\AppData\Local\{53E8F4DC-22CA-4D48-A932-06D39D15C5DA}
2012-12-10 15:34:03 -------- d-----w- C:\Users\Amanda\AppData\Local\{382D13DF-FFCF-40FC-9703-C9FF6BF39EC6}
2012-12-10 03:31:14 -------- d-----w- C:\Users\Amanda\AppData\Local\{340640E5-187B-43C4-9A2B-14EA6AA6CD6B}
2012-12-09 15:02:50 -------- d-----w- C:\Users\Amanda\AppData\Local\{74E5F787-1CAF-4CF0-949C-E884AFD885C3}
2012-12-09 00:59:19 -------- d-----w- C:\Users\Amanda\AppData\Local\{86ECEFAC-2CA6-42CF-9D32-FAECF48E5A48}
2012-12-08 12:58:54 -------- d-----w- C:\Users\Amanda\AppData\Local\{A0B7AB4D-CB9F-4EF1-835F-A3A10FA16CB2}
2012-12-08 03:59:47 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Catalina Marketing Corp
2012-12-08 03:59:23 489712 ----a-w- C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-12-07 20:55:23 -------- d-----w- C:\Users\Amanda\AppData\Local\{FD78CE44-6F46-44E9-987A-A676FE7A2777}
2012-12-07 01:51:02 -------- d-----w- C:\Users\Amanda\AppData\Local\{9B63041F-CFC9-4E55-B853-D4540512DD5B}
2012-12-06 13:50:51 -------- d-----w- C:\Users\Amanda\AppData\Local\{3D3848E6-F15A-427D-BB25-8DE7151F1E5E}
2012-12-06 01:50:27 -------- d-----w- C:\Users\Amanda\AppData\Local\{D947B6F8-9AAA-4A69-98EE-DC97B22A4220}
2012-12-05 13:50:03 -------- d-----w- C:\Users\Amanda\AppData\Local\{4A69A5FC-133B-414B-A7A5-B930FD0BD3CA}
2012-12-05 01:47:38 -------- d-----w- C:\Users\Amanda\AppData\Local\{03A06E3C-2424-4D90-9962-5E53334DA229}
.
==================== Find3M ====================
.
2012-12-18 04:06:00 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-12-12 01:07:51 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 01:07:51 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx
2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
============= FINISH: 12:35:13.91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2012 12:42:17 PM
System Uptime: 1/3/2013 9:21:47 AM (3 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A6-3420M APU with Radeon HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 332.185 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.247 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
aioscnnr
Alabama Smith in the Quest of Fate
Alexandra Fortune - Mystery of the Lunar Archipelago
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Bonjour
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Chuzzle Deluxe
Clockwork Man 2 (remove only)
Coupon Printer for Windows
Cradle of Rome 2
CyberLink YouCam
D3DX10
Dora's World Adventure
essentials
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Gimp 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Application Assistant
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
iCloud
IDT Audio
iLivid
Inbox Toolbar
iTunes
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mortimer Beckett and the Lost King Collectors Edition(remove only)
Mortimer Beckett and the Secrets of Spooky Manor
Mortimer Beckett and the Time Paradox
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPoints Toolbar
Norton AntiVirus
Norton Identity Safe
ocr
opensource
Peggle Deluxe 1.0
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PreReq
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 5.10
Sprill and Ritchie - Adventures In Time
Spybot - Search & Destroy
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Treasure Masters, Inc.
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/28/2012 5:33:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAuto service.
12/28/2012 12:58:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/28/2012 12:58:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
12/28/2012 12:25:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
1/3/2013 9:27:39 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Amanda-HP\Amanda SID (S-1-5-21-2424382445-1395676361-3193568451-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/3/2013 8:48:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/3/2013 10:14:34 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/3/2013 10:14:34 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/1/2013 4:33:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
.
==== End Of File ===========================
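A small triage script for DDS output like the log above, added here as an example; it is not part of hotdogdoxie's post, of the DDS tool, or of the forum's own procedure. It splits the log on its `==== Name ====` section headers, parses the Find3M and Event Viewer lines into fields, flags binaries that sit directly in the root of C:\Windows, matches the Installed Programs list against a watch-list, and counts events by source and event ID. The watch-list contents, the binary-extension set and the root-of-C:\Windows heuristic are the example's own assumptions; the sample input is an excerpt of the log above.

```python
import ntpath
import re
from collections import Counter
from typing import Dict, List

# Excerpt of the DDS log in the post above, used here as constructed sample
# input (in practice the whole log file is fed in).
SAMPLE_LOG = r"""
==================== Find3M ====================
.
2012-12-18 04:06:00 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-12-12 01:07:51 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx
2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.4) MUI
Coupon Printer for Windows
iLivid
Inbox Toolbar
Malwarebytes Anti-Malware version 1.65.1.1000
MyPoints Toolbar
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
12/28/2012 5:33:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPAuto service.
1/3/2013 10:14:34 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/3/2013 10:14:34 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")  # "==== Section Name ===="
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")
EVENT_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")

BINARY_EXTS = {".exe", ".dll", ".ocx", ".sys", ".scr", ".cpl"}  # assumption: what counts as a binary

# Analyst watch-list of lower-cased substrings (an assumption for this example,
# not something DDS ships or the thread lists); tune it to your own PUP policy.
WATCHLIST = ("yontoo", "ilivid", "inbox toolbar", "mypoints toolbar")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [content lines]}; '.' spacer lines are dropped."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def find3m_records(lines: List[str]) -> List[Dict[str, str]]:
    """Parse Find3M entries: timestamp, size (a run of '-' for directories), attribute flags, path."""
    records = []
    for line in lines:
        m = FIND3M_RE.match(line)
        if m:
            records.append({"time": m.group(1), "size": m.group(2), "attrs": m.group(3), "path": m.group(4)})
    return records


def windows_root_binaries(records: List[Dict[str, str]]) -> List[str]:
    """Heuristic: files with a binary extension sitting directly in C:\\Windows rather than
    under System32/SysWow64. A hit is a place to look (publisher, signature), not a verdict."""
    hits = []
    for r in records:
        if r["attrs"].startswith("d"):  # directory entry, skip
            continue
        path = r["path"]
        if ntpath.dirname(path).lower() == r"c:\windows" and ntpath.splitext(path)[1].lower() in BINARY_EXTS:
            hits.append(path)
    return hits


def watchlisted_programs(programs: List[str], watchlist=WATCHLIST) -> List[str]:
    """Installed Programs entries containing any watch-list substring (case-insensitive)."""
    return [p for p in programs if any(w in p.lower() for w in watchlist)]


def event_summary(lines: List[str]) -> Counter:
    """Count Event Viewer entries by (source, event id)."""
    counts: Counter = Counter()
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            counts[(m.group(3), int(m.group(4)))] += 1
    return counts


def triage(text: str) -> Dict[str, object]:
    """Run all three checks over one DDS log and return the findings."""
    sections = parse_sections(text)
    return {
        "root_binaries": windows_root_binaries(find3m_records(sections.get("Find3M", []))),
        "watchlisted": watchlisted_programs(sections.get("Installed Programs", [])),
        "events": event_summary(sections.get("Event Viewer Messages From Past Week", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Neither heuristic is a verdict: check the publisher and signature of a flagged file before acting, and keep the watch-list in step with whatever classification your team actually applies. Counting events by (source, ID) also keeps pairs visible: the Schannel 36888 entry above (alert 40 is the TLS handshake_failure alert) and the 36874 entry logged in the same second describe one failed handshake, with 36874 giving the reason (no cipher suite in common).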
I have a trojan according to your scan (posted in Resolved Malware Removal Logs)
No problem. I appreciate all the help you have given me. I don't know what to do, but hopefully my information has not been stolen.
Anyway, thank you for all the time you've put into this problem.